2026 World Cup: Discussing The World’s Biggest Game’s Attack Surface
Unit 42 assesses the cyber threat landscape for the 2026 FIFA World Cup across three host nations, drawing on documented attacks against prior mega-events (Rio 2016, Pyeongchang 2018, Paris 2024). Key threat vectors include Iran-nexus disruptive operations targeting Rockwell/Allen-Bradley and Unitronics PLCs in U.S. critical infrastructure (per CISA advisory AA26-097A), pro-Russian hacktivist DDoS campaigns by NoName057(16) keyed to politically symbolic events, and financially motivated cybercrime targeting fan portals, ticketing, hospitality PoS systems, and accommodation fraud. The Pyeongchang 2018 Olympic Destroyer wiper (GRU Unit 74455) compromised 300+ systems and disabled Wi-Fi, ticketing, and broadcast drones — cited as a concrete precedent for a wiper scenario during a high-visibility ceremony. Defenders are urged to prepare for multi-jurisdictional coordination across ancillary city infrastructure in addition to tournament IT.